No worries Jeff, I'm currently tearing apart source code myself as you suggested.

Thanks 'everyone' for the help so far, my original issue was resolved by zeroing out the structs, which I had forgotten to do! (thanks Jeff ;))

I have the code working now, adding a rule. I do now however have another problem. I need to add to the active ruleset. At present I am adding to the inactive and then substituting the inactive for the active. The substitution completely replaces the active ruleset rather than appending my new rule(s) to it (bah). Also, I can add 'a' new rule to an anchor but only 'one' rule!!

If I want to append to the active ruleset I think I need DIOCCHANGERULE, but I'm still in the process of understanding that one (keep getting -EINVAL).

Can anybody tell me if I need to add a new pool address if I want to append to the active ruleset???

I am aware that there have been some changes to the implementation in -current. Thing is, am low on bandwidth and money so sticking with 3.3 at present.

Thanks everyone for your patience in this matter, I'm still trying to grok the pf implementation etc. but your comments and suggestions are proving to be invaluable and helping my progress in leaps and bounds.

I will post the code when I get it working to my spec in the hope that it will prove to be beneficial to someone in a similar situ as myself.

ciao for now

Chris

On Sat, Aug 07, 2004 at 03:10:37PM -0500, Jeff Wilson wrote:
## Yikes. I was way off.
##
## I have some code that deals with radix tables. The elements I was trying
## to recall ... pfioc_table.pfrio_esize == Size of each element ... and
## pfioc_table.pfrio_size == total number of elements ... geez, sorry to add
## to the confusion, that was pretty bad. Apparently that has nothing to do
## with what you're trying to do ... sorry!
##
## The way I finally slugged through my own code was to tear apart the source
## of SRC/sys/net/pf_ioctl.c ... I found DIOCADDRULE on line 884 ... several
## EINVAL error conditions exist in that case clause. Hope that helps, sorry
## for my previous incoherence.
##
## jw
##
##
## > On Thu, 5 Aug 2004, Christopher Keeley wrote:
## >
## > > Hello everybody.
## > >
## > > I am currently writing a program in C that at certain points needs to
## > > add a rule to the current firewall set.
## > >
## > > Here is a copy of the code I have so far for the function that will add
## > > the rule:
## > >
## >
##
## --
##
## Jeff Wilson          Senior Analyst/Programmer
## Baylor University    Network Services Group
## Waco, TX             Information Technology Services
## (254) 710 4615
---end quoted text---

--
-----------------------------------------------
Chris Keeley
http://www.zero1-net.com
public key: pgp.mit.edu (search string: crizza)
